(57) Abstract: A document security management system for securely managing documents for users. The document management system comprises a document repository providing a facility for storing data files representing the documents. A key repository stores a public key of one or more encryption key pairs, each of the encryption key pairs being associated with one of the documents stored in the document repository. Each document stored in the document repository is encrypted with the public key of the encryption key pair associated with the document. A plurality of client terminals are operable to store and to retrieve the documents from the document repository for processing by a user. Each user is in possession of a digital certificate comprising a certificate key pair. The key repository includes the private key of the encryption key pair encrypted with the public key of the certificate key pair associated with the user. The client terminal is operable with the private key of the certificate key pair in possession of a user. The client terminal is operable to decrypt the private key of the encryption key pair using the private key of the certificate key pair of a user, and to retrieve the encrypted document from the document repository and to decrypt the document using the decrypted private key of the encryption key pair. Thus, in accordance with the present invention a two tier arrangement of private key/public key pairs is provided with a first private key/public key pair called the encryption key pair being associated with each of the documents and a second digital certificate private key/public key pair called a certificate key pair being associated with the users. A document management system according to the present invention is therefore provided with an improvement in security with respect to document management and document management security.
DOCUMENT SECURITY MANAGEMENT SYSTEM

Field of Invention

The present invention relates to document security management systems for securely managing documents for users. In one embodiment a document security management system is provided on a client-server arrangement, in which client terminals are interconnected via a telecommunications network to one or more servers.
Background of the Invention

There is an increasing requirement to improve the security with which corporate information is stored and used in digital form. Documents and information may contain any type of data, scanned images, program files, text or databases, which are stored as data files on a document repository server. Whilst it is known that information and document management systems can include some measure of access and privilege control, critical information may remain unencrypted and/or accessible to system administrators, database administrators and backup media managers.

It is desirable to provide a system with improved security management of documents or data stored on the system.
Summary of the Invention

Various aspects and features of the present invention are defined in the appended claims.

Embodiments of the present invention can provide a document security management system for securely managing documents for users or for securely managing data for users. The document security management system comprises a document repository (which could be any industry standard or proprietary format repository) providing a facility for storing data files representing documents and a separate secure encryption key repository for securely storing public-private key pairs ("encryption key pairs") which are used to encrypt and decrypt documents in the document repository. Each of the encryption key pairs is associated with one or more of the documents currently stored or intended to be stored in the document repository.
Each document stored in the document repository is encrypted with the public key of a specific encryption key pair ("encryption public key"). Hence there is for every document in the repository an associated encryption key pair (as distinct from a digital signature certificate key pair) stored in the secure encryption key repository. A plurality of client terminals are operable to retrieve the encrypted documents from the document repository for processing or viewing by users. Each user needs to obtain a digital signature certificate which contains a user-specific private key-public key pair, which may be for example in accordance with generally accepted National and International standards of PKI and National Legislation. The private key associated with a digital signature certificate key pair ("certificate private key") is accessible only to the owner of the certificate by commonly accepted PKI standards.

The key repository stores the private key of the encryption key pair ("encryption private key") encrypted with the public key of the digital signature certificate key pair ("certificate public key") associated with a user. The repository can contain for each document plural copies of the document's associated encryption private key, one separate copy per authorised user, with each user's encryption private key copy encrypted with that user's certificate public key. The repository also contains a single copy, in unencrypted form, of the encryption public key of each encryption key pair and a single copy of the certificate public key of each registered user of the system.

The client terminal has access to the user's certificate private key by virtue of having the digital signature certificate installed on the client terminal or through an attached device. The client terminal is operable to obtain a copy of the encryption private key from the key repository and to decrypt the encryption private key using the certificate private key, to retrieve the encrypted document from the document repository and to decrypt the document using the encryption private key associated with the document. The obtained encrypted encryption private key is typically not deleted from the key repository.

Embodiments of the present invention can use industry-standard two key encryption algorithms such as RSA and address the following limitations of basic two-key encryption / decryption technology:
• A single encrypted copy of a document can be made available to multiple users in encrypted form with a reduced likelihood of compromising document security and without reliance upon transferring digital certificates;

• Controlled access to documents can be provided without relying on a requirement for allocating and revoking personal digital certificates;

• Transfer of access privileges from one user to another can be provided without a requirement for decrypting the documents and without a need for users whose access is being removed being involved in the access privilege transfer;

• Document updates and document edits can be tracked and in particular View Access (i.e., those who have viewed the document even without saving, editing, or updating it in any way) and a legally certifiable record can be maintained, for example using PKI encryption of access to the document with a time stamp;

• Storing or transmitting copies of unencrypted keys with third parties and escrow agents is not typically required and the use of an escrow master key for any of the purposes stated above is not required.

• Since digital certificates have a limited validity, issue and management of multiple digital certificates per user can be handled independent of the security management system.
The document security management system according to an example embodiment of the present invention is provided with a document repository for storing data files, where each file has been encrypted with an encryption public key. The encryption public keys are stored in the key repository but in an unencrypted form. However the encryption private key, also stored in the key repository, is encrypted with the certificate public key associated with a user. As such, documents and encryption private keys are neither stored unencrypted nor communicated unencrypted. Decryption of the encrypted encryption private key only takes place in the client terminals by the provision of the certificate private key, which is allocated to the user, and then the decrypted encryption private key is used to decrypt the encrypted document in the client terminal. That is to say, the certificate private key is used to decrypt the encryption private key to recover the encryption private key. This is then used to decrypt the encrypted document, which has been encrypted with the encryption public key. To enhance security, the decrypted encryption private key is discarded soon after or immediately on decryption of the document and is not stored in the client machine. If necessary the encryption private key can be once more downloaded and decrypted by the user since it is only a copy of the encrypted encryption private key that has been retrieved on the client terminal.

Thus, in accordance with the present invention a two tier arrangement of private key/public key pairs is provided with an encryption key pair being associated with each of the documents and a second digital certificate key pair being associated with the users. A security management system for documents according to the present invention is therefore provided with an improvement in security and security management with respect to data files representing documents, which are managed by the system.

If a user leaves the organisation then his/her access to an encryption key pair can be withdrawn by simply deleting the user's encrypted copy of the encryption private key from the repository. In some embodiments the key repository is arranged to store each of the encryption private keys of the encryption key pairs, encrypted with the certificate public key of one or more key managers. The key manager can therefore access the set of encryption private keys which had been allocated to a user (each encryption private key representing a unique document stored in the document repository), and remove one or more of the encryption private keys from the user's section of the key repository and if appropriate allocate it to another user. Accordingly, security is maintained even if a user leaves an organisation which operates the security management system for its documents.

WO 2007/091002 PCT/GB2006/001766

Embodiments of the present invention may also be arranged to generate a hash value of the document after the document has been created or edited by a user. A hash value is a form of document digest, which represents in digital form the content within a data file. A client terminal on which a document has been created and/or edited may be arranged to run an application to generate the hash value. The client terminal may also generate a detached signature, which may be formed using the hash value. As such, when the user again edits the document the client can confirm that the document has not been amended in that the document corresponds to the hash value and that the signature corresponds to that generated when the document was previously signed by the user or the last user to edit the document. Accordingly, a further improvement in security is provided. In one example, the signature is a Public-Key Cryptographic Standards 7 (PKCS7) signature.

In some embodiments the document repository may include a log identifying when documents are retrieved for editing and/or viewing. As such, management of documents and tracking of changes of secure information is thereby facilitated.

Various further aspects and features of the present invention are defined in the appended claims.
Brief Description of the Drawings

Embodiments of the present invention will now be described by way of example only with reference to the accompanying drawings where like parts are provided with corresponding reference numerals and in which:

Figure 1 is a schematic block diagram of a document management system in which a plurality of client terminals are connected to a document repository and to a key repository;

Figure 2 is a flow diagram illustrating a process through which an encryption key pair is generated and stored in the key repository server shown in Figure 1;

Figure 3 is a part block diagram part flow diagram illustrating a process through which a document is created on a client terminal;

Figure 4 is a part block diagram part flow diagram illustrating a process through which a document is accessed and edited on a client terminal;

Figure 5 is a flow diagram illustrating a process by which a new digital certificate private key/public key pair is issued and the public key is stored on a public key digital certificate repository shown in Figure 1;

Figure 6 is a flow diagram illustrating a process by which a user updates a copy of an encryption key pair after expiry of a user's digital certificate; and

Figure 7 is a flow diagram illustrating a process by which existing key pairs are issued to a new user.
Description of Example Embodiments

Example embodiments of the present invention will now be described with reference to Figure 1 which provides a schematic illustration of a security management system for documents which may for example be installed in an organisation where some level of security is appropriate to control distribution and disclosure of information. In Figure 1 a plurality of client terminals 1 are connected to a document repository server 2, a key repository server 4 and a public digital certificate repository server 6 via a communications network 8. The document repository 2 is arranged to store information in the form of data files 10. However, each of the data files is encrypted with a public key of one of a plurality of encryption key pairs (A-key/B-key for encryption private key and encryption public key respectively). Thus each of the documents 10 has associated therewith one or more encryption key pairs.

In Figure 1 the encryption key pairs are so designated. Thus for a first of the documents shown, the document 10.1 is encrypted with the public key B1 of one of the encryption key pairs A1/B1.

The documents may also include a digital signature 12. As will be explained in the following paragraphs, the digital signature is added once a user has accessed the document or created the document.

As well as the encryption key pairs, the document security management system also includes a plurality of digital signature certificate key pairs which form digital certificates. These will be referred to in the following description as certificate key pairs (certificate private key or certificate public key as the case may be). Each of the plurality of certificate key pairs is associated with one of the users of the system.

Thus, for the example shown in Figure 1 each of the client terminals has a user associated therewith (although a user may operate from any terminal carrying his digital certificate and certificate private key with him on a hardware device attachable to any terminal) and each user has associated with it a certificate key pair. A user may actually operate from any terminal carrying his/her certificate private key on an attachable mobile hardware device such as a smart card, USB token, mobile phone, PDA, etc. However it will be appreciated that there could be more users than client terminals and therefore the security management system is not limited to four certificate key pairs. The public keys of the certificate key pairs are stored in the public digital certificate repository server 6.

The encryption key repository server 4 stores the public key and the private key of the encryption key pairs. As mentioned above there is an association between the encryption key pairs and the documents present in the document management server 2 such that for each such document there is one and only one encryption key pair associated with it. However, a particular encryption key pair may be associated with more than one document. For example, if a set of related documents all require a common group of users to access the set then one can assign just one encryption key pair to each document in the set. Note that other relationships are:

• Multiple users may have access to the same encryption key pair

• Multiple encryption key pairs may be accessible by the same user

• Each certificate key pair is assigned to one and only one user

• Each user may have multiple certificates (e.g., expired certificates are still required for signature verification and hence a user may collect many certificates over a period of time, each however uniquely assigned to that user alone)

More than one user may have access to any one document. Furthermore different users may be allowed access to the same document whilst maintaining security and uniquely identifying actions of one user with respect to those of another. To this end, each of the private keys of the encryption key pair associated with a document is encrypted with the public key of the certificate key pairs of users who may be allowed access to the document. Thus each private key of an encryption key pair associated with a document is encrypted with the public key of the digital certificate. Any user having access to that document therefore has an encrypted version of the private key, this encryption private key being encrypted with the public key of that user's digital certificate. Thus, as shown within an area 14 within Figure 1, for each document and for each user which has access to that document there exists a public key for the encryption key pair. There also exists the private key of the encryption key pair encrypted with the public key of the certificate key pair.
According to the example of the present technique a key manager (or multiple key managers in other embodiments) manages the distribution of the encryption key pairs to the various users and manages the repository of public keys of certificate key pairs. Each user obtains his/her digital certificate from a legally valid Certifying Authority and sends his/her public key of the digital certificate to the key manager. For example, governments have incorporated national legislation to govern and regulate certifying authorities, thus providing legal sanctity to digital certificates issued by them. The key manager uses a public digital certificate repository 6 to store the certificate public keys. In one example the private keys of the certificate key pairs are provided on smart cards which can then be used in a smart card reader when the user is accessing one of the client terminals 1.

As explained above the encryption key pairs comprise two asymmetric keys, which are represented in Figure 1 as a B-key which is the shorter public key and the A-key which is the longer private key. Each pair is also provided with a unique identifier (key pair ID or key ID). Data files representing documents stored in the document repository 2 are always encrypted with the B-key (encryption public key) of the key pair. The key pair ID of the B-key that is used for encryption is stored along with the encrypted data file. Therefore it is always possible to know, given an instance of the encrypted data file, which encryption key pair is to be used for decrypting the information and/or encrypting the information provided in the data file. Users are granted specific access to review and/or update the data files. The data files are updated and then re-encrypted in the client terminal before being communicated back to the document repository 2.

The document repository 2 may contain structured data files or digital files or both. The key repository 4 stores the encryption key pairs. The B-keys are stored in unencrypted form and all A-keys are stored in encrypted form. In one example, the encryption key pairs are generated by the user who has created the document. Alternatively, encryption key pairs may be created by a key manager within the organisation. There can be multiple key managers within a given organisation, who are responsible for different sets of encryption key pairs. Each authorised user has access to all public keys (B-keys) of the encryption key pairs, because these are unencrypted. Each user may have access to multiple private keys of the encryption key pairs (A-keys) which are stored in a user specific section 14 encrypted with the public key of the user's digital certificate. A process through which the encryption key pairs are generated is described in the following section.
Encryption Key Pair Generation

Figure 2 provides a flow diagram representing a process in which an encryption key pair is generated by a user in association with a document. Figure 2 is summarised as follows:

S1: The user applies a key generation application which is operating, for example, on the client terminal on which the user is working in order to generate an encryption key pair. A private encryption key is never available on the server in unencrypted form. It is available on the client terminal in unencrypted form only while the session with the server is live, during which period only the authenticated user has access to that client terminal.

S2: The private key (A-key) of the encryption key pair is then encrypted (at least) twice - one copy is encrypted with the user's digital certificate public key and a second copy with the key manager's public key. The private key (A-key) of the encryption key pair is encrypted with the key manager's public key so that the key manager can decrypt the private key (A-key) should this be necessary if the user were to leave the organisation or has to be denied access to that document for some reason.

S4: The user then updates the key repository server with the public key (B-key) and the encrypted private key (A-key) of the encryption key pair.

S6: Optionally the key manager may issue the public key (B-key) and the private key (A-key) to the user, if the key manager generated this encryption key pair. The private key (A-key) is encrypted with the public key of the user's certificate key pair. The key manager may then authorise other users to access the document by encrypting copies of the private key (A-key) of the encryption key pair with the public key of the other users' certificate key pairs.

The key pair generation may take place when a document is generated or may be generated before a document is first created, but in all cases before the document is updated / sent to the server so as not to compromise security.
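As an added worked example (not code from the patent), the key repository model of the Summary and of steps S1 to S6 above in Go: B-keys stored in the clear, each A-key stored only as per-user copies encrypted under certificate public keys, a key manager copy used to grant a further user without re-encrypting the document, and revocation by deleting one copy. Names such as KeyRepository, WrapAKey and Grant are the example's own; the hybrid AES-GCM wrapping of the A-key under RSA-OAEP is an assumption, because the page does not say how an RSA private key, which is larger than one RSA block, is encrypted with a certificate public key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
)

// WrappedKey is one authorised user's copy of an A-key (encryption private key).
// An RSA private key does not fit in one RSA-OAEP block, so the copy is sealed
// with a fresh AES-256-GCM key and that AES key is RSA-OAEP-encrypted under the
// user's certificate public key (hybrid wrapping: an assumption of this example).
type WrappedKey struct {
	EncAES, Nonce, EncA []byte
}

// KeyRepository models the key repository server: B-keys in the clear, A-keys
// only as wrapped copies, indexed by key pair ID and then by user name.
type KeyRepository struct {
	BKeys map[string]*rsa.PublicKey
	AKeys map[string]map[string]*WrappedKey
}

func NewKeyRepository() *KeyRepository {
	return &KeyRepository{map[string]*rsa.PublicKey{}, map[string]map[string]*WrappedKey{}}
}

// must keeps the example short; these calls fail only on bad input or exhausted randomness.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// WrapAKey makes a copy of aKey that only the holder of certPub's private key can open.
func WrapAKey(aKey *rsa.PrivateKey, certPub *rsa.PublicKey) *WrappedKey {
	aesKey, nonce := make([]byte, 32), make([]byte, 12) // 12 bytes is GCM's standard nonce size
	must(rand.Read(aesKey))
	must(rand.Read(nonce))
	gcm := must(cipher.NewGCM(must(aes.NewCipher(aesKey))))
	encAES := must(rsa.EncryptOAEP(sha256.New(), rand.Reader, certPub, aesKey, nil))
	return &WrappedKey{encAES, nonce, gcm.Seal(nil, nonce, x509.MarshalPKCS1PrivateKey(aKey), nil)}
}

// UnwrapAKey runs on the client terminal (S20 of Figure 4) with the user's
// certificate private key; it fails if the copy was wrapped for someone else.
func UnwrapAKey(w *WrappedKey, certPriv *rsa.PrivateKey) (*rsa.PrivateKey, error) {
	aesKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, certPriv, w.EncAES, nil)
	if err != nil {
		return nil, err
	}
	der, err := must(cipher.NewGCM(must(aes.NewCipher(aesKey)))).Open(nil, w.Nonce, w.EncA, nil)
	if err != nil {
		return nil, err
	}
	return x509.ParsePKCS1PrivateKey(der)
}

// RegisterKeyPair covers S1, S2 and S4 of Figure 2: generate the pair on the
// client, wrap the A-key for each holder (creating user and key manager) and
// store the B-key plus the copies. The plaintext A-key never reaches the server.
func (r *KeyRepository) RegisterKeyPair(keyID string, holders map[string]*rsa.PublicKey) {
	aKey := must(rsa.GenerateKey(rand.Reader, 2048))
	r.BKeys[keyID] = &aKey.PublicKey
	r.AKeys[keyID] = map[string]*WrappedKey{}
	for user, certPub := range holders {
		r.AKeys[keyID][user] = WrapAKey(aKey, certPub)
	}
}

// FetchAKey is the server-side check of S12/S14: no record for the user, no key.
func (r *KeyRepository) FetchAKey(keyID, user string) (*WrappedKey, error) {
	if w, ok := r.AKeys[keyID][user]; ok {
		return w, nil
	}
	return nil, errors.New("no record of " + user + " for key pair " + keyID)
}

// Grant is the key manager's S6: open the manager's own copy and add a copy
// wrapped for another user. Neither the document nor any other copy changes.
func (r *KeyRepository) Grant(keyID, manager string, managerPriv *rsa.PrivateKey, user string, userPub *rsa.PublicKey) error {
	w, err := r.FetchAKey(keyID, manager)
	if err != nil {
		return err
	}
	aKey, err := UnwrapAKey(w, managerPriv)
	if err != nil {
		return err
	}
	r.AKeys[keyID][user] = WrapAKey(aKey, userPub)
	return nil
}

// Revoke withdraws one user's access by deleting only that user's copy.
func (r *KeyRepository) Revoke(keyID, user string) { delete(r.AKeys[keyID], user) }
```

A walk-through in order is RegisterKeyPair, then FetchAKey plus UnwrapAKey for the creating user, Grant for a second user, then Revoke; only the deleted copy changes, while the document encrypted under the B-key and the other copies stay as they were.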
Adding Secure Information to the Document Repository

Figure 3 provides a part-schematic, part-flow diagram illustrating a process through which a user creates a document and then stores the document in encrypted form in the document repository using the encryption key pair generated in Figure 2. In Figure 3, one of the client terminals 1 is used by a user, for example user2, to create a data file 20 representing a digital document. The data file is created by an application program running on the client terminal 1 in a conventional manner. An application on the client terminal then generates a digital hash of the data file using, for example, the Secure Hash Algorithm SHA-1 at a first step 22. The application also then generates a detached digital signature 24, which is generated using the digital certificate of the user. Thus, the digital signature is generated by the user using the user's private key of the digital certificate from the document. The digital signature uses the private key. It serves as a signature because it is based on the private key to which only the owner of the certificate has access. In one example the digital signature is a Public-Key Cryptography Standards #7 (PKCS7) signature. The PKCS7 signature is then attached to the digital document 20. More information on PKCS7 can be found from RSA Laboratories (www.rsasecurity.com).

The application on the client terminal 1 then retrieves the public key of one of the encryption key pairs which has either been pre-generated as indicated above or is generated at the time of creation of the document 20. The key repository 4 provides the public key (B-key) 26 to the client terminal 1 which is used to encrypt the document data file 20 to form an encrypted data file 20', the document having been encrypted with the public key of the encryption key pair.

The encrypted data file 20' is then stored in the document repository server 2 by communicating the encrypted data file from the client terminal 1 to the document repository server 2 via the communications network 8. The document is communicated with the digital signature (PKCS7). Furthermore, the hash value is included with the communicated encrypted data file 20'. Thus the document repository server stores the data file 20 in encrypted form (encrypted with the public key of the encryption key pair) with the hash value included in the digital signature.
Secure Access Log

According to the present technique whenever a user accesses a document then he/she is required to generate a digital signature which is communicated to the document repository server and stored in association with the document concerned. As indicated above, in one example the digital signature is generated in accordance with the PKCS7 international standard for generating digital signatures. In one example, the digital signature is a detached digital signature. The digital signature will always include the public key (B-key) associated with the document, that is the public key of the encryption pair allocated to that document, required for recording an attempt to access the corresponding private key, and will always include the hash value generated from the document which is encrypted with the private key of the certificate key pair of the user accessing the document. As mentioned above the hash value forms a digest of the content of the data file representing the document. Since the encryption public key is available on the key repository server 2 then any authorised user can download the appropriate public key and verify the signature by decrypting the encrypted hash value with the public key of the certificate pair in order to validate the viewed signature.

Viewing Secure Information from Repository

Figure 4 provides a part-schematic block diagram of the system elements and a part-flow diagram illustrating process steps involved in viewing and editing documents stored on the document server 2. In Figure 4 a user, for example user Y, accesses one of the client terminals 1 in order to review and/or edit a document stored on the document server 2. The process steps performed in order to view and edit a document are summarised as follows:

S10: The user Y first activates an application program on the client terminal, which sends a request for information to the document server 2 requesting access to a particular document. Prior to the request the user authenticates itself as an authorised user by decrypting with its certificate private key a random challenge phrase sent by the server, the server having sent the challenge phrase encrypted with the public key of the user's digital certificate.
S12: For the requested document, the document repository server 2 finds the key pair ID of the encryption key pair corresponding to the document identifier. The document server 2 then checks the record of user Y with respect to the encrypted private key of the encryption key pair identified by the key ID associated with the document identifier Dn. If user Y's record is not found for the specific Key Pair ID, the request is rejected.

S14: If user Y's record is found, the document server 2 obtains the private encryption key corresponding to the public key with which the document concerned has been encrypted from the key repository and then sends it to the user. The private key (An) is sent to the user in a form in which it has been encrypted with the public key of the digital certificate of the user Y 40.

S16: The document server 2 also sends the identified document 52 to the user which, as previously mentioned, is encrypted with the public key of the private key/public key pair.

S18: Together with the encrypted data representing the document 52 a digital signature is also sent with the data file representing the document 52 to the client terminal 1, which is communicated to the user terminal 1 in response to the request for the document Dn.

Once the user terminal 1 receives the encrypted document 52 the application on the client terminal 1 performs the following functions as indicated within an area 54 illustrating the functional steps performed by the application program:

S20: The application on the client terminal 1 decrypts the private key (A-key) of the first private key/public key pair received from the document repository server 2 using the private key of user Y's digital certificate.

S22: The client terminal 1 then decrypts the document 52 using the decrypted private key (A-key) of the first document private key/public key pair associated with the document 52.

S24: The application program running on the client terminal 1 then generates an SHA1 hash of the decrypted document 52.

S26: The generated hash value is then compared with the hash value obtained by decrypting the hash in the PKCS7 detached signature of the previous user X with the public certificate key of user X which was received with the decrypted document 52 from the document server 2. This establishes that X's signature is valid and the document has not been viewed/accessed/changed by anyone between the time X accessed it and now.

S28: The application program then generates the PKCS7 detached digital certificate for user Y. The signature is generated by encrypting the hash value with the public key of the user Y's digital certificate.

S30: The application on the client terminal then sends the PKCS7 signature generated by the user Y from the client terminal 1 for storage on the document server 2.

S32: The client terminal sends the key ID of the encryption key pair which was used to encrypt the document. The document ID and the date and time at which access took place are also sent for storage in the document server 2. To increase security, by reducing a likelihood of the key ID, the document ID or the date and time being altered by an attack which is aimed at disrupting the document management system, the key ID, the document ID and the date and time are encrypted with the private key of the user Y's digital certificate.

S34: As illustrated by an arrow, the key ID, the document ID and the date and time are sent to the document server 2 for storage. The key ID and the document ID are digitally signed by the user's digital certificate to create a "view signature" with the date and time. This provides a unique identifier indicating when the document was reviewed, edited and accessed. The hash value is also used by the viewing user to verify the authenticity of the signature which the user is creating. The "view signature" is updated on the document server 2 along with a view log. Once the document has been edited it is then re-encrypted and stored on the document repository with a new hash value and a new view signature as represented by the flow diagram in Figure 3.

If a different user wishes to access the same document then a second version is stored. Information stored by a previous user is not updated, except for adding the "view signature" of the current user.

When a user leaves an organisation or is no longer to be allowed access to certain information, the corresponding private keys (A keys) associated with the encryption key pairs are removed from this user's section of the key repository and, if appropriate and necessary, allocated to a different user. When the private keys of the encryption key pairs are allocated to a different user, that user views the information as set out above and digitally signs the information after verification. A second detached PKCS7 signature is stored on the server and associated with the document for which that user is now responsible.

The document management system according to the present technique can also be extended to deny access to any single user or even multiple users when access to certain secure information is to be granted only if some or all of a set of authorised users are physically present and logged in (frequently required for security reasons or as company policy). The private key (A-key) of the first document private key/public key pair is not issued to a single user as a whole but is split into two, three or a plurality of parts as required, and individual parts are assigned to specific users. In this example, all users who hold parts of the key have to log in together (in any order) from the same client terminal and apply their digital certificates (or smart card and/or through typing a password) before the information can be decrypted.
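The split-key arrangement of the preceding paragraph (and of item (iii) in the procurement section later on), as an added worked example that is not the patent's own code: an all-of-n XOR split of a document's A-key, where every holder's part is needed and the parts can be presented in any order. The holder names and the 32-byte A-key are constructed stand-ins, and the combining function refuses to run until every required holder has logged in, which is the check a client terminal would make before attempting decryption. This covers the "all of a set of authorised users" case; the "some of" case the text also mentions needs a threshold scheme (Shamir's secret sharing), which the description does not detail and this block does not implement.

```python
# Added example: all-of-n splitting of a document's private A-key so that
# decryption is possible only when every designated holder is present.
# The A-key and holder names are constructed; in the described system the
# key would be the private half of a document's encryption key pair.
import secrets


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(a_key, holders):
    """Hand each holder one share. All but the last share are uniformly random;
    the last is fixed so that the XOR of every share equals the key. Any set of
    fewer than all shares is statistically independent of the key."""
    holders = list(holders)
    if len(holders) < 2:
        raise ValueError("splitting needs at least two holders")
    shares = {h: secrets.token_bytes(len(a_key)) for h in holders[:-1]}
    last = bytes(a_key)
    for share in shares.values():
        last = xor_bytes(last, share)
    shares[holders[-1]] = last
    return shares


def reconstruct_key(presented, required):
    """Combine the shares of the users logged in together (any order). Refuses
    unless every required holder is present, so a partial set never produces a
    wrong key that is then used to 'decrypt' garbage."""
    missing = set(required) - set(presented)
    if missing:
        raise PermissionError("holders not logged in: " + ", ".join(sorted(missing)))
    key = bytes(len(next(iter(presented.values()))))
    for share in presented.values():  # XOR is commutative, so login order is irrelevant
        key = xor_bytes(key, share)
    return key


# Constructed A-key and the three users who must all be present to open a sealed bid.
A_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
HOLDERS = ["officer-1", "officer-2", "auditor"]


def demo():
    """True when all three shares recover the key and two shares are refused."""
    shares = split_key(A_KEY, HOLDERS)
    everyone = {h: shares[h] for h in reversed(HOLDERS)}  # reversed login order
    if reconstruct_key(everyone, HOLDERS) != A_KEY:
        return False
    try:
        reconstruct_key({h: shares[h] for h in HOLDERS[:2]}, HOLDERS)
    except PermissionError:
        return True  # expected: the auditor has not logged in
    return False
```

Each share is exactly as long as the key and, taken alone or with any proper subset of the others, is indistinguishable from random bytes; the key repository would store each holder's share wrapped under that holder's certificate public key, exactly as it stores a whole A-key for a single user.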

Addition of a New Digital Certificate Public Key on Public DC Repository

To acquire a new digital certificate private key / public key pair for accessing encrypted documents in accordance with the present technique, a user would in one example apply to a certifying authority for a new digital certificate public key / private key pair. After being provided with the new digital certificate public key/private key pair the user then updates its digital certificate by sending the public key to the key manager. A flow diagram illustrating an example of this process is shown in Figure 5. The process steps of Figure 5 will now be summarised as follows:

S40: A user generates a new private key / public key pair on a client terminal. The new private key / public key pair could be generated on a smart card or on a USB token or may be generated on a personal computer (for example a notebook PC) which forms the client terminal. The user then sends the generated public key of the digital certificate pair along with a request to a certifying authority for issuing a new digital certificate, which could be either an additional digital certificate private key / public key or a renewal of an existing digital certificate. The user completes the necessary identification verification formalities to satisfy the certifying authority.

S42: The certifying authority then validates the request from the user and generates a new digital certificate containing the user's new certificate public key, signs the digital certificate with the certifying authority's private key and sends the new digital certificate to the user. On receipt of the new digital certificate the user checks the certifying authority's certificate and installs the digital certificate on the client terminal.

S44: The user then sends the public key of the new digital certificate to the key manager of the organisation with a request to add the key to the public digital certificate repository. The user also sends the existing digital certificate public key, whether valid or expired, the public key being currently stored in the public digital certificate repository.

S46: The key manager then authenticates the user by checking the certificate public key currently stored in the public digital certificate repository with the existing digital certificate public key sent by the user. The key manager then also validates the new digital certificate by checking this digital certificate with a third party revocation list, for example provided by the certifying authority.

S48: The key manager stores and updates the user's certificate public key of the new digital certificate on the public digital certificate repository.

Updating a User's Copy of an Encryption Key Pair after expiry of a User's Digital Certificate

The process through which a user updates a copy of an encryption key pair using the new digital certificate acquired in the process illustrated above is represented in Figure 6. The flow diagram shown in Figure 6 is summarised as follows:

S50: The user updates the public digital certificate repository with a new certificate public key, as for example illustrated by the steps of the process illustrated in Figure 5.

S52: The user first downloads the copy of the encryption private key from the encryption key repository, which is encrypted with the user's old public key.
S54: The user then decrypts the encrypted private key (A key) using his old digital certificate private key to recover the encryption private key (A key).

S56: The user then re-encrypts the decrypted encryption private key (A key) with the new digital certificate public key.

S58: The user then uploads the re-encrypted encryption private key (A key) and installs this on the encryption key repository. The user or the key manager then deletes the old copy of the encryption private key (A key) from the encryption key repository.

Providing Access to a Document to a New User

As will be appreciated from the example applications of the present technique described above, document security is provided by encrypting that document with the public key of the private key/public key pair of the encryption keys and storing that document on the document repository. The user can then access that document by downloading the encrypted private key of the encryption key pair, decrypting that private key and then downloading the encrypted document to decrypt that document with the decrypted private key. However, the present technique also provides an opportunity for a user to allow access to that document by another user in a secure manner. To this end, the user downloads and decrypts the private key corresponding to the encryption public key with which the document has been encrypted and encrypts a copy of that private key with the public key of a new user's digital certificate. Figure 7 provides a flow diagram illustrating an example of a process in which a new user is provided with access to the private key for accessing an encrypted document, the document having been encrypted with the corresponding public key of the encryption private key public key pair. Figure 7 is summarised as follows:

S60: A user who is issuing access to a document, for example the document originator, downloads from the key repository a copy of the encrypted private key (A key) which is associated with a particular document to which a new user is to be given access.

S62: The issuing user also downloads the new user's digital certificate public key from the public digital certificate repository.

S64: The issuing user then decrypts the encrypted private key (A key) of the encryption key pair using the digital certificate private key for that user, which may be stored on the client terminal or in a smart card or a USB token.

S66: The issuing user then re-encrypts the decrypted private key (A key) with the new user's digital certificate public key.

S68: The new user's encrypted copy of the encryption private key (A key) is then uploaded to the key repository. The new user can therefore access the document corresponding to the encryption private key/public key pair: the new user downloads the corresponding encrypted private key (A key), whose public key has been used to encrypt the document, decrypts that private key using the new user's digital certificate private key, and then decrypts the document with the recovered encryption private key.
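The key lifecycle of Figures 2, 6 and 7 together with the hash and view-signature steps S20 to S34, as an added worked example that is not part of the patent or of any product it describes. Assumptions not fixed by the description: RSA as the public-key algorithm (the text says only private key/public key pair), SHA-256 in place of the SHA1 the text names (the text itself says any hash may be used), and constructed names (KeyRepository, document "doc-52", users X and Y, "keymgr"). The view signature is made with the viewer's certificate private key and checked with the certificate public key, as in S32 and claim 3. One `rewrap` method serves both Figure 7 (the issuing user wraps the A-key for a new user) and Figure 6 (a user re-wraps it under a renewed certificate, overwriting the old copy).

```python
# Added example of the two-tier key scheme described above: each document has its
# own "encryption key pair" (B-key public, A-key private) and the A-key is held in
# a key repository wrapped under each authorised user's certificate public key.
# Textbook (unpadded) RSA, standard library only; real systems use OAEP/PSS.
import hashlib
import math
import secrets

CERT_BITS, DOC_BITS = 768, 384  # certificate modulus > document modulus, so d wraps in one block


def is_probable_prime(n, rounds=32):  # Miller-Rabin; callers only pass odd n > 3
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits):
    while True:  # top bit forced on so that p * q has exactly 2 * bits bits
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate


def generate_keypair(bits):
    """Return ((e, n), (d, n)) with public exponent 65537."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return (e, p * q), (pow(e, -1, phi), p * q)


def rsa(m, key):
    """Raw RSA: a public key encrypts/verifies, a private key decrypts/signs."""
    exponent, modulus = key
    if not 0 <= m < modulus:
        raise ValueError("value does not fit under the modulus")
    return pow(m, exponent, modulus)


def decrypt_document(ct, a_key):
    m = rsa(ct, a_key)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def view_signature(doc, cert_priv):
    """S24/S28: hash the plaintext, sign the hash with the viewer's certificate private key."""
    return rsa(int.from_bytes(hashlib.sha256(doc).digest(), "big"), cert_priv)


def verify_view_signature(doc, sig, cert_pub):
    """S26: the hash recovered from the signature must equal a fresh hash of the document."""
    return rsa(sig, cert_pub) == int.from_bytes(hashlib.sha256(doc).digest(), "big")


class KeyRepository:
    def __init__(self):
        self.docs = {}  # doc_id -> {"public": B-key, "wrapped": {user: wrapped A-key exponent}}

    def register(self, doc_id, doc_pub, doc_priv, cert_pubs):
        """Fig. 2, S2/S4: store the B-key and the A-key wrapped for each certificate given."""
        self.docs[doc_id] = {"public": doc_pub,
                             "wrapped": {u: rsa(doc_priv[0], pk) for u, pk in cert_pubs.items()}}

    def unwrap(self, doc_id, user, cert_priv):  # this user's copy of the A-key as (d, n)
        entry = self.docs[doc_id]
        return rsa(entry["wrapped"][user], cert_priv), entry["public"][1]

    def rewrap(self, doc_id, holder, holder_priv, target, target_pub):
        """Fig. 7 (S60-S68) for a new target user; Fig. 6 (S52-S58) when target is the holder."""
        d, _ = self.unwrap(doc_id, holder, holder_priv)
        self.docs[doc_id]["wrapped"][target] = rsa(d, target_pub)


def demo():
    """Run the lifecycle on a constructed document; True when every check holds."""
    repo = KeyRepository()
    km_pub, _ = generate_keypair(CERT_BITS)            # key manager's certificate
    x_pub, x_priv = generate_keypair(CERT_BITS)        # user X, the originator
    y_pub, y_priv = generate_keypair(CERT_BITS)        # user Y
    doc_pub, doc_priv = generate_keypair(DOC_BITS)     # document 52's encryption key pair
    doc = b"Tender bid: 1,250,000 USD, valid 30 days"  # constructed sample, under 47 bytes
    ct = rsa(int.from_bytes(doc, "big"), doc_pub)      # document encrypted with its B-key
    repo.register("doc-52", doc_pub, doc_priv, {"X": x_pub, "keymgr": km_pub})
    sig_x = view_signature(doc, x_priv)
    repo.rewrap("doc-52", "X", x_priv, "Y", y_pub)     # X grants Y access
    ok = decrypt_document(ct, repo.unwrap("doc-52", "Y", y_priv)) == doc
    ok = ok and verify_view_signature(doc, sig_x, x_pub)
    y2_pub, y2_priv = generate_keypair(CERT_BITS)      # Y renews the certificate
    repo.rewrap("doc-52", "Y", y_priv, "Y", y2_pub)
    ok = ok and decrypt_document(ct, repo.unwrap("doc-52", "Y", y2_priv)) == doc
    repo.docs["doc-52"]["wrapped"].pop("X")            # X leaves the organisation
    return ok and "X" not in repo.docs["doc-52"]["wrapped"]
```

The size ordering matters: the A-key exponent d is smaller than the document modulus, and the certificate modulus is deliberately larger than that, so d can be wrapped as a single RSA block; with equal sizes the wrap would have to be split or a hybrid (symmetric) wrap used. Deleting a user's wrapped copy is all that revocation needs, because no one else's copy depends on it.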

Various modifications may be made to the embodiments described above without departing from the scope of the present invention. For example, it will be appreciated that any form of hash algorithm can be used to generate the hash value, and the SHA1 algorithm is but one example of an algorithm which could be used. Also PKCS7 is provided as one example of a signature and any other signature algorithm can be used to generate an appropriate authorisation and validation of a user's activity. The telecommunications network could be an intranet and/or an internet access so that one advantage of the present invention could be secure access to documents via the internet. Another advantage of the present invention could be to secure access to documents via a corporate LAN/WAN.
Application to Electronic Procurement Systems

Embodiments of the present invention may also be incorporated in electronic data or document exchange systems such as electronic procurement systems or electronic sealed bid systems, such as that disclosed in WO2004/091135. For example, electronic tendering is a form of an electronic sealed bidding system used by organisations such as Government agencies and the public sector for procurement of goods, services, and works. In such applications the procuring agency invites tenders, and interested vendors submit sealed bids in response to tenders. The bids may be securely signed and sealed using encryption techniques such as for example Public Key Infrastructure methods or digital certificates, and may be required to be opened by specified users of the procuring agency only after a particular date and time. Thus in accordance with the present technique, each party to a secure bid is arranged to possess a digital certificate key pair. This is used to access a private key of an encryption key pair stored in a key repository, encrypted with the public key of the digital certificate key pair. Documents created as part of the secure bid process are stored on a document repository, encrypted with the private key of the encryption key pair. Therefore the document management system can provide:

(i) Secure access and control to procuring agencies so that only designated users have access to tender and bid documents.

(ii) The transfer/replacement of access and control rights of a designated user of a procuring agency mid-way through a tendering process can be achieved without compromising, or at least reducing a risk to, system or individual security which might otherwise be caused by sharing of passwords or digital certificates. This may be achieved by either decrypting the transferor's encrypted copy of the private key (A key) of the encryption key pairs associated with the tender/bid document using the transferor's certificate private key and re-encrypting it with the transferee's certificate public key, or alternatively, if a Key Manager has been appointed in the organisation, the Key Manager can download an encrypted private key associated with the tender/bid document, decrypt it with the Key Manager's certificate private key, and re-encrypt it with the certificate public key of the transferee (i.e., the new designated user). The Key Manager can also delete the encrypted private key associated with the tender/bid document of the transferor (i.e., the old designated user) to deny any further access.

(iii) Opening/decryption of tender documents and sealed bids is only executed when all designated users are present/logged-in, which is frequently mandatory in public sector and government procurement. This can be achieved by splitting the private key (A key) associated with the encryption key pairs as described above.
CLAIMS

1. A document security management system for securely managing documents or data files for users, the document management system comprising

a document repository providing a facility for storing data files representing the documents,

a key repository for storing a public key of one or more encryption key pairs, each of the encryption key pairs being associated or intended to be associated with one of the documents stored in the document repository, and each document stored in the document repository is encrypted with the public key of the encryption key pair associated with the document, and

a plurality of client terminals operable to retrieve the documents from the document repository for processing by a user, wherein each user is provided with a digital certificate comprising a certificate key pair, and the key repository includes the private key of the encryption key pair encrypted with the public key of the certificate key pair associated with the user, the client terminal being operable with the private key of the certificate key pair, the client terminal being operable

to decrypt the private key of the encryption key pair using the private key of the certificate key pair,

to retrieve the encrypted document from the document repository, and

to decrypt the document using the decrypted private key of the encryption key pair to access the document.



2. A document security management system as claimed in Claim 1, wherein the client terminal is operable

to generate a hash value of the document after the document has been created or edited by a user,

to encrypt the hash value with the private key of the encryption key pair, and

to store the encrypted hash value with the encrypted document on the document server, and the client terminal is operable when retrieving the document from the document server

to decrypt the hash value which has been stored in association with the document,

to recalculate the hash value from the decrypted document retrieved from the document server, and

to verify that the document corresponds with a version of the document in a form when the hash value which has been stored in association with the document was produced, by comparing the recalculated hash value with the hash value which was stored on the document server in association with the document.

3. A document security management system as claimed in Claim 1, wherein the client terminal is operable

to generate a digital signature using the user's private key of the certificate key pair, by

calculating a hash value of the document, and

encrypting the hash value calculated from the document with the private key, and

to store the digital signature in association with the encrypted document in the document server, and the client terminal is operable when retrieving the document from the document server

to retrieve the digital signature associated with the document from the document server,

to re-calculate the hash value from the decrypted document,

to extract the hash value from the digital signature by decrypting the encrypted hash value in the signature,

to compare the extracted hash with the re-generated hash, and if the re-generated hash is the same as the extracted hash validating the retrieved digital signature as being authentic.

4. A document security management system as claimed in Claim 2 or 3, wherein the digital signature is a detached digital signature generated in accordance with the Public Key Certificate Standard 7.

5. A document security management system as claimed in any preceding Claim, wherein the client terminal is operable to generate a temporal reference indicating a time and/or a date when the document was created and/or edited,

to encrypt the temporal reference with the public key encryption key pair, and to communicate the encrypted temporal reference to the document repository, the document repository being operable to store the temporal reference with the document in the document repository.

6. A document management security system as claimed in any preceding Claim, wherein the key repository is operable

to store the public key of the one or more encryption key pairs in the key repository,

to encrypt the private key of the one or more encryption key pairs with the public key of the certificate key pair associated with a user, and

to store the encrypted private key of the one or more encryption key pairs on the key repository.

7. A document security management system as claimed in any preceding Claim, wherein the key repository is arranged to store each private key of the one or more encryption key pairs encrypted with a public key of a key manager's certificate key pair.

8. A method of securely managing documents for users, the method comprising

storing data files representing documents on a document repository,

storing a public key of one or more encryption key pairs on a key repository, each of the encryption key pairs being associated with one of the documents stored in the document repository, and each document stored in the document repository being encrypted with the public key of the encryption key pair associated with the document,

storing and/or retrieving the documents from the document repository for processing by a user, wherein the key repository includes the private key of the encryption key pair encrypted with the public key of a digital certificate key pair associated with the user, the method including

decrypting the private key of the encryption key pair using the private key of the certificate key pair,

retrieving the encrypted document from the document repository, and

decrypting the document using the decrypted private key of the first document private key/public key pair.



9. A method as claimed in Claim 8, the method comprising

generating a hash value of the document after the document has been created or edited by a user,

encrypting the hash value with the private key of the first document private key/public key pair,

storing the encrypted hash value with the encrypted document on the document repository,

decrypting the hash value which has been stored in association with the document,

re-calculating the hash value from the decrypted document retrieved from the document repository, and

verifying that the document corresponds with a version of the document in a form when the hash value which has been stored in association with the document was produced, by comparing the recalculated hash value with the hash value which was stored on the document repository in association with the document.

10. A method as claimed in Claim 8, the method comprising

generating a digital signature using the user's private key of the certificate key pair, by

calculating a hash value of the document, and

encrypting the hash value calculated from the document with the public key,

storing the digital signature in association with the encrypted document in the document repository,

retrieving the digital signature associated with the document from the document repository,

re-calculating the hash value from the decrypted document,

re-generating the digital signature by encrypting the re-calculated hash value with the user's public key of the second document private key/public key pair, and

comparing the retrieved digital signature with the re-generated digital signature, and if the re-generated digital signature is substantially the same as the retrieved digital signature validating the retrieved digital signature as being authentic.

11. A document repository for a document management system operable to manage securely documents for users, the document repository providing a facility for storing data files representing documents, the document repository being operable

to store the data files representing the documents, each document stored in the document repository being encrypted with the public key of the first document private key/public key pair associated with the document,

to store in association with each of the documents a hash value generated from the document and a digital signature generated from the hash value and the private key of a second document private key/public key pair provided to a user.

12. A client terminal operable in combination with a key repository and a document repository of a document security management system, the client terminal being operable to store and to retrieve the documents to and from the documentary repository for processing by a user, wherein each user possesses a digital certificate comprising a certificate key pair, and the key repository includes the private key of the encryption key pair encrypted with the public key of the certificate key pair associated with the user, the client terminal being provided by the user with the private key of the certificate key pair, the client terminal being operable

to decrypt the private key of the encryption key pair using the private key of the certificate key pair,

to retrieve the encrypted document from the document repository, and

to decrypt the document using the decrypted private key of the encryption key pair.

13. A client terminal as claimed in Claim 12, wherein the client terminal is operable

to create a data file representing a document,

to encrypt the data file with the public key of the one or more encryption key pairs, and

to store the encrypted data file on the document repository.

14. A key repository operable in combination with a document repository and one or more client terminals to provide a document security management system, the key repository being operable

to store a public key of one or more encryption key pairs, each of the encryption key pairs being associated with one of the documents stored in the document repository, and each document stored in the document repository is encrypted with the public key of the encryption key pair associated with the document, wherein the key repository includes the private key of the encryption key pair encrypted with a public key of a digital certificate key pair associated with the user.

15. A document security management system, a document repository server, a client terminal substantially as herein before described with reference to the accompanying drawings.

16. A method of managing documents substantially as herein before described with reference to the accompanying drawings.
User applies a key generation application on the client machine to generate an encryption private key/public key pair.

S2: Encrypt the private key (A-key) of the encryption private key/public key pair with the user's digital certificate public key and the key manager's public key.

S4: Update the key repository server with the public key (B-key) and the encrypted private key of the encryption private key/public key pair.

S6: Key manager may optionally issue the public key (A-key) and the private key (B-key) to the user, although the private key (A-key) is encrypted with the public key of the user's digital certificate private key/public key pair.

Fig. 2
ADDITION OF A NEW CERTIFICATE PUBLIC KEY ON PUBLIC DC REPOSITORY OF EXISTING USER

S40: User generates new key-pair on client terminal (or on Smart Card/USB token as the case may be) and sends the generated public key along with a request to a Certifying Authority for issue of a new Digital Certificate (either an additional one or a renewal as the case may be). The User completes necessary identification verification formalities to satisfy the Certifying Authority.

S42: Certifying Authority validates request, generates new Digital Certificate containing User's new certificate public key, signs the Digital Certificate with Certifying Authority's private key, and sends the new Digital Certificate to the User. On receipt of new Digital Certificate User installs and stores it on the client terminal (or on a portable hardware device such as a Smart Card or USB token to be used on any client terminal).

S44: User sends the new Digital Certificate to the Key Manager of the organisation with a request to add it to the Public DC Repository. User also sends existing Digital Certificate (whether valid or expired) whose public key is currently stored in Public DC Repository.

S46: Key Manager authenticates User by checking the certificate public key currently stored in Public DC Repository with existing Digital Certificate sent by User. Key Manager also validates the new Digital Certificate by checking with third party revocation list (e.g., of Certifying Authority).

S48: Key Manager stores and updates User's certificate public key of the new Digital Certificate on Public DC Repository.

Fig. 5
UPDATING USER'S COPY OF ENCRYPTION KEY PAIR AFTER EXPIRY OF USER'S DIGITAL CERTIFICATE

S50: User updates Public DC Repository with a new certificate public key as per the steps shown in Figure 5.

S52: User downloads his copy of the encrypted private key (A-key) from the Encryption Key Repository.

S54: User decrypts the encrypted private key (A-key) using the old certificate private key with which it was originally encrypted.

S56: User re-encrypts the decrypted private key (A-key) with the new certificate public key.

S58: User uploads the re-encrypted private key (A-key) to the Encryption Key Repository, and User (or Key Manager) deletes the old copy from the Encryption Key Repository.

Fig. 6
ISSUING EXISTING ENCRYPTION KEY PAIRS TO A NEW USER

S60: Issuing User (e.g., document originator) downloads from the Encryption Key Repository his copy of the encrypted private key (A-key) associated with a particular document to which a New User is to be given access.

S62: Issuing User downloads the New User's certificate public key from the Public DC Repository.

S64: Issuing User decrypts the encrypted private key (A-key) of the encryption key pairs using his certificate public key (stored on client terminal or in a smart card/USB token).

S66: Issuing User re-encrypts the decrypted private key (A-key) with the New User's certificate public key.

S68: The new user's encrypted copy of the private key (A-key) is uploaded to the Encryption Key Repository, thus updating the associated document with the New User who can now access the document.

Fig. 7
Declaration as to non-prejudicial disclosures or exceptions to lack of novelty (Rules 4.17(v))

In relation to this international application Jonathan Mark DeVile, Patent Attorney for the Applicants, on information provided by Tapan Mehta, Managing Director for the Applicant Company Nextenders (India) Private Limited Company, declares that the subject matter claimed in this international application was disclosed as follows:

(i) kind of disclosure (include as applicable):

A disclosure as a result of an abuse in breach of confidence and fiduciary duty, by an e-mail sent on 17 November 2005 to the Executive Director of 3i Infotech Limited by the inventor and Chief Technical Officer Mr Ravindra Shevade. The e-mail included an attachment providing drawings which are substantially the same as Figures 1, 3 and 4 of the present International patent application.

inventions in respect of which no international search report has been